package com.hlxl.viewpointrest.service;

import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.model.CompanyConstants;
import com.liferay.portal.model.User;
import com.liferay.portal.security.auth.Authenticator;
import com.liferay.portal.service.UserLocalServiceUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;

import java.util.ArrayList;
import java.util.Date;

/**
 * Created by wyy on 18-5-7
 * https://web.liferay.com/it/community/wiki/-/wiki/Main/Liferay+Authentation+Process/maximized
 */
@Service
public class AuthService {

    @Autowired
    private AuthenticationManager authenticationManager;

    public User auth(Long companyId, String username, String password) throws SystemException, PortalException {
        if (Validator.isNull(username) || Validator.isNull(password)) {
            return null;
        }
        String authType = "";
        if (username.contains("@")) {
            authType = CompanyConstants.AUTH_TYPE_EA;
        } else {
            authType = CompanyConstants.AUTH_TYPE_SN;
        }
        User user = null;
        int result = 0;

        //找出认证的用户
        if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {//邮箱登录
            result = UserLocalServiceUtil.authenticateByEmailAddress(companyId, username, password, null, null, null);
            if (result == Authenticator.SUCCESS) {
                user = UserLocalServiceUtil.getUserByEmailAddress(companyId, username);
            }
        } else {//screenName 登录
            result = UserLocalServiceUtil.authenticateByScreenName(companyId, username, password, null, null, null);
            if (result == Authenticator.SUCCESS)
                user = UserLocalServiceUtil.getUserByScreenName(companyId, username);
        }

        if (result == Authenticator.SUCCESS) {//认证成功，修改用户的登录信息。
            Date lastLoginDate = user.getLoginDate();
            user.setLoginDate(new Date());
            user.setLastLoginDate(lastLoginDate);
            UserLocalServiceUtil.updateUser(user);
            Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(
                    user.getScreenName(),
                    user.getPassword(),
                    new ArrayList<>()));
            SecurityContextHolder.getContext().setAuthentication(authentication);

        } else if (result == Authenticator.FAILURE) {//认证失败,密码错误
            user.setLastFailedLoginDate(new Date());
            UserLocalServiceUtil.updateUser(user);

        } else if (result == Authenticator.DNE) {//用户不存在

        }

        //0:no user,-1:password wrong
        return result == 1 ? user : null;
    }
}
